Wednesday 13 November 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Hitachi Command Suite up to 7.x/8.6.x Resource Exhaustion denial of service

A vulnerability was found in Hitachi Command Suite up to 7.x/8.6.x. It has been classified as problematic. Affected is an unknown part. Upgrading to version 8.7.0-00 eliminates this vulnerability.
Author: VulDB

TIBCO EBX up to 3.20.13/4.1.0/4.2.0/4.2.1/4.2.2 Digital Asset Manager Web Interface Stored cross site scripting

A vulnerability was found in TIBCO EBX up to 3.20.13/4.1.0/4.2.0/4.2.1/4.2.2 and classified as problematic. This issue affects some unknown functionality of the component Digital Asset Manager Web Interface. There is no information about possible...
Author: VulDB

TIBCO EBX up to 3.20.13/4.1.0 Data Exchange Web Interface Stored cross site scripting

A vulnerability has been found in TIBCO EBX up to 3.20.13/4.1.0 and classified as problematic. This vulnerability affects an unknown functionality of the component Data Exchange Web Interface. There is no information about possible...
Author: VulDB

TIBCO EBX 5.8.1.fixR/5.9.3/5.9.4/5.9.5/5.9.6 Web Server Reflected cross site scripting

A vulnerability, which was classified as problematic, was found in TIBCO EBX 5.8.1.fixR/5.9.3/5.9.4/5.9.5/5.9.6. This affects an unknown function of the component Web Server. There is no information about possible countermeasures known. It may be...
Author: VulDB

igniteup Plugin up to 3.4 on WordPress class-coming-soon-creator.php cross site request forgery

A vulnerability, which was classified as problematic, has been found in igniteup Plugin up to 3.4 on WordPress (WordPress Plugin). Affected by this issue is some unknown processing of the file includes/class-coming-soon-creator.php. There is no...
Author: VulDB

igniteup Plugin up to 3.4 on WordPress class-coming-soon-creator.php cross site scripting

A vulnerability classified as problematic was found in igniteup Plugin up to 3.4 on WordPress (WordPress Plugin). Affected by this vulnerability is an unknown code block of the file includes/class-coming-soon-creator.php. There is no information...
Author: VulDB

igniteup Plugin up to 3.4 on WordPress class-coming-soon-creator.php information disclosure

A vulnerability classified as problematic has been found in igniteup Plugin up to 3.4 on WordPress (WordPress Plugin). Affected is an unknown code of the file includes/class-coming-soon-creator.php. There is no information about possible...
Author: VulDB

igniteup Plugin up to 3.4 on WordPress class-coming-soon-creator.php denial of service

A vulnerability was found in igniteup Plugin up to 3.4 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects an unknown part of the file includes/class-coming-soon-creator.php. There is no information about...
Author: VulDB

ZyXEL P-1302-T10D v3 up to 2.00(ABBX.3) Access Control privilege escalation

A vulnerability was found in ZyXEL P-1302-T10D v3 up to 2.00(ABBX.3) (Router Operating System). It has been classified as critical. This affects an unknown functionality of the component Access Control. There is no information about possible...
Author: VulDB

Microsoft Office 2016/2019 on Mac Excel Document privilege escalation

A vulnerability was found in Microsoft Office 2016/2019 on Mac (Office Suite Software) and classified as critical. Affected by this issue is an unknown function of the component Excel. Applying a patch is able to eliminate this problem. A...
Author: VulDB

Slack-Chat up to 1.5.5 Slack Access Token information disclosure

A vulnerability has been found in Slack-Chat up to 1.5.5 (Messaging Software) and classified as problematic. Affected by this vulnerability is some unknown processing of the component Slack Access Token Handler. There is no information about...
Author: VulDB

WP SlackSync Plugin up to 1.8.5 on WordPress Slack Access Token information disclosure

A vulnerability, which was classified as problematic, was found in WP SlackSync Plugin up to 1.8.5 on WordPress (WordPress Plugin). Affected is an unknown code block of the component Slack Access Token Handler. There is no information about...
Author: VulDB

Intercom Plugin up to 1.2.1 on WordPress Slack Access Token information disclosure

A vulnerability, which was classified as problematic, has been found in Intercom Plugin up to 1.2.1 on WordPress (WordPress Plugin). This issue affects an unknown code of the component Slack Access Token Handler. There is no information about...
Author: VulDB

CERTFR-2019-AVI-559: Multiple vulnerabilities in Xen (13 November 2019)

Multiple vulnerabilities have been discovered in Xen. They allow an attacker to cause a remote denial of service and a breach of data confidentiality.

Author: Cert FR

AUO SunVeillance Monitoring System up to 1.1.9 mvc_send_mail.aspx plant_no sql injection

A vulnerability classified as critical was found in AUO SunVeillance Monitoring System up to 1.1.9. This vulnerability affects an unknown part of the file mvc_send_mail.aspx. Upgrading to version 1.1.9e eliminates this vulnerability.
Author: VulDB

AUO SunVeillance Monitoring System up to 1.1.9 Access Control Picture_Manage_mvc.aspx authority privilege escalation

A vulnerability classified as critical has been found in AUO SunVeillance Monitoring System up to 1.1.9. This affects some unknown functionality of the file Picture_Manage_mvc.aspx of the component Access Control. Upgrading to version 1.1.9e...
Author: VulDB

Microsoft Windows up to Server 2019 Hyper-V Network Switch Remote Code Execution

A vulnerability was found in Microsoft Windows (Operating System). It has been rated as critical. Affected by this issue is an unknown functionality of the component Hyper-V Network Switch. Applying a patch is able to eliminate this problem. A...
Author: VulDB

CERTFR-2019-AVI-558: Multiple vulnerabilities in Citrix products (13 November 2019)

Multiple vulnerabilities have been discovered in Citrix products. They allow an attacker to cause a remote denial of service, a breach of data confidentiality and a privilege escalation.

Author: Cert FR

Hitachi Command Suite up to 7.x/8.6.4 information disclosure

A vulnerability was found in Hitachi Command Suite up to 7.x/8.6.4. It has been declared as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 8.6.5-00 eliminates this vulnerability.
Author: VulDB

Huawei Smart Phone prior Harry-AL00C 9.1.0.206(C00E205R3P1) NULL Pointer Dereference denial of service

A vulnerability was found in Huawei Smart Phone (Smartphone Operating System). It has been classified as problematic. Affected is some unknown processing. Upgrading to version Harry-AL00C 9.1.0.206(C00E205R3P1) eliminates this vulnerability.
Author: VulDB

OpenStack Keystone Long Password Stack-based denial of service

A vulnerability was found in OpenStack Keystone (Cloud Software) (unknown version) and classified as problematic. This issue affects an unknown code block. Upgrading eliminates this vulnerability. A possible mitigation has been published before...
Author: VulDB

mwlib 0.13.0/0.13.1/0.13.2/0.13.3/0.13.4 denial of service [CVE-2012-1109]

A vulnerability has been found in mwlib 0.13.0/0.13.1/0.13.2/0.13.3/0.13.4 and classified as problematic. This vulnerability affects an unknown code. Upgrading eliminates this vulnerability.
Author: VulDB

atop Temp File Symlink privilege escalation

A vulnerability, which was classified as critical, was found in atop (the affected version unknown). This affects an unknown part of the component Temp File Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Google Chrome WebKit WebCore::CSSSelector memory corruption

A vulnerability, which was classified as critical, has been found in Google Chrome (Web Browser) (affected version not known). Affected by this issue is the function WebCore::CSSSelector of the component WebKit. Upgrading eliminates this...
Author: VulDB

Google Chrome WebKit Use-After-Free memory corruption

A vulnerability classified as critical was found in Google Chrome (Web Browser) (affected version unknown). Affected by this vulnerability is an unknown functionality of the component WebKit. Upgrading eliminates this vulnerability.
Author: VulDB

Information-security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the cité universitaire internationale, on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security takes place in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme of "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
